[pull] main from pypi:main #2305

Open
wants to merge 931 commits into
base: main

@pull pull bot commented Feb 24, 2023

See Commits and Changes for more details.


Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull bot added the ⤵️ pull label Feb 24, 2023
di and others added 29 commits January 11, 2024 20:29
* Add OIDC ActiveStatePublisher modeling

* Update warehouse/oidc/models/github.py

Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

* Update warehouse/migrations/versions/9a0ed2044b53_add_activestate_oidc_publisher.py

Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

* Update warehouse/migrations/versions/9a0ed2044b53_add_activestate_oidc_publisher.py

Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

* Update warehouse/migrations/versions/9a0ed2044b53_add_activestate_oidc_publisher.py

Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

* Update warehouse/migrations/versions/9a0ed2044b53_add_activestate_oidc_publisher.py

Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

* Update warehouse/migrations/versions/9a0ed2044b53_add_activestate_oidc_publisher.py

Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

* Review cleanup

* Remove branching in migration graph with ActiveState Model introduction

* Revert mocking change to GitHub tests. Changes focused on that can be done at another time

---------

Co-authored-by: Carey Hoffman <careyh@activestate.com>
Co-authored-by: Carey Hoffman <cgchoffman@gmail.com>
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.2...3.1.3)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
* chore(deps): bump celery-types from 0.20.0 to 0.21.0

Bumps [celery-types](https://github.com/sbdchd/celery-types) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/sbdchd/celery-types/commits)

---
updated-dependencies:
- dependency-name: celery-types
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump types-setuptools

Bumps [types-setuptools](https://github.com/python/typeshed) from 69.0.0.20240106 to 69.0.0.20240115.
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: types-setuptools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump mkdocs-material from 9.5.3 to 9.5.4

Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.3 to 9.5.4.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.3...9.5.4)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump stripe from 7.11.0 to 7.12.0

Bumps [stripe](https://github.com/stripe/stripe-python) from 7.11.0 to 7.12.0.
- [Release notes](https://github.com/stripe/stripe-python/releases)
- [Changelog](https://github.com/stripe/stripe-python/blob/master/CHANGELOG.md)
- [Commits](stripe/stripe-python@v7.11.0...v7.12.0)

---
updated-dependencies:
- dependency-name: stripe
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump google-cloud-bigquery from 3.14.1 to 3.16.0

Bumps [google-cloud-bigquery](https://github.com/googleapis/python-bigquery) from 3.14.1 to 3.16.0.
- [Release notes](https://github.com/googleapis/python-bigquery/releases)
- [Changelog](https://github.com/googleapis/python-bigquery/blob/main/CHANGELOG.md)
- [Commits](googleapis/python-bigquery@v3.14.1...v3.16.0)

---
updated-dependencies:
- dependency-name: google-cloud-bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump sphinxcontrib-serializinghtml from 1.1.9 to 1.1.10

Bumps [sphinxcontrib-serializinghtml](https://github.com/sphinx-doc/sphinxcontrib-serializinghtml) from 1.1.9 to 1.1.10.
- [Release notes](https://github.com/sphinx-doc/sphinxcontrib-serializinghtml/releases)
- [Changelog](https://github.com/sphinx-doc/sphinxcontrib-serializinghtml/blob/master/CHANGES)
- [Commits](sphinx-doc/sphinxcontrib-serializinghtml@1.1.9...1.1.10)

---
updated-dependencies:
- dependency-name: sphinxcontrib-serializinghtml
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump sphinxcontrib-devhelp from 1.0.5 to 1.0.6

Bumps [sphinxcontrib-devhelp](https://github.com/sphinx-doc/sphinxcontrib-devhelp) from 1.0.5 to 1.0.6.
- [Release notes](https://github.com/sphinx-doc/sphinxcontrib-devhelp/releases)
- [Changelog](https://github.com/sphinx-doc/sphinxcontrib-devhelp/blob/1.0.6/CHANGES)
- [Commits](sphinx-doc/sphinxcontrib-devhelp@1.0.5...1.0.6)

---
updated-dependencies:
- dependency-name: sphinxcontrib-devhelp
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump cmarkgfm from 2022.10.27 to 2024.1.14

Bumps [cmarkgfm](https://github.com/theacodes/cmarkgfm) from 2022.10.27 to 2024.1.14.
- [Release notes](https://github.com/theacodes/cmarkgfm/releases)
- [Commits](theacodes/cmarkgfm@2022.10.27...2024.1.14)

---
updated-dependencies:
- dependency-name: cmarkgfm
  dependency-type: indirect
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump mkdocs-rss-plugin from 1.11.0 to 1.12.0

Bumps [mkdocs-rss-plugin](https://github.com/Guts/mkdocs-rss-plugin) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/Guts/mkdocs-rss-plugin/releases)
- [Changelog](https://github.com/Guts/mkdocs-rss-plugin/blob/main/CHANGELOG.md)
- [Commits](Guts/mkdocs-rss-plugin@1.11.0...1.12.0)

---
updated-dependencies:
- dependency-name: mkdocs-rss-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump faker from 22.0.0 to 22.2.0

Bumps [faker](https://github.com/joke2k/faker) from 22.0.0 to 22.2.0.
- [Release notes](https://github.com/joke2k/faker/releases)
- [Changelog](https://github.com/joke2k/faker/blob/master/CHANGELOG.md)
- [Commits](joke2k/faker@v22.0.0...v22.2.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump structlog from 23.3.0 to 24.1.0

Bumps [structlog](https://github.com/hynek/structlog) from 23.3.0 to 24.1.0.
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/main/CHANGELOG.md)
- [Commits](hynek/structlog@23.3.0...24.1.0)

---
updated-dependencies:
- dependency-name: structlog
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump sentry-sdk from 1.39.1 to 1.39.2

Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.39.1 to 1.39.2.
- [Release notes](https://github.com/getsentry/sentry-python/releases)
- [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md)
- [Commits](getsentry/sentry-python@1.39.1...1.39.2)

---
updated-dependencies:
- dependency-name: sentry-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump trove-classifiers from 2023.11.29 to 2024.1.8

Bumps [trove-classifiers](https://github.com/pypa/trove-classifiers) from 2023.11.29 to 2024.1.8.
- [Release notes](https://github.com/pypa/trove-classifiers/releases)
- [Commits](pypa/trove-classifiers@2023.11.29...2024.1.8)

---
updated-dependencies:
- dependency-name: trove-classifiers
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump markdown from 3.5.1 to 3.5.2

Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/Python-Markdown/markdown/releases)
- [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md)
- [Commits](Python-Markdown/markdown@3.5.1...3.5.2)

---
updated-dependencies:
- dependency-name: markdown
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump protobuf from 4.25.1 to 4.25.2

Bumps [protobuf](https://github.com/protocolbuffers/protobuf) from 4.25.1 to 4.25.2.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](protocolbuffers/protobuf@v4.25.1...v4.25.2)

---
updated-dependencies:
- dependency-name: protobuf
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump google-auth from 2.26.1 to 2.26.2

Bumps [google-auth](https://github.com/googleapis/google-auth-library-python) from 2.26.1 to 2.26.2.
- [Release notes](https://github.com/googleapis/google-auth-library-python/releases)
- [Changelog](https://github.com/googleapis/google-auth-library-python/blob/main/CHANGELOG.md)
- [Commits](googleapis/google-auth-library-python@v2.26.1...v2.26.2)

---
updated-dependencies:
- dependency-name: google-auth
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump actions/cache from 3 to 4

Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump alabaster from 0.7.15 to 0.7.16

Bumps [alabaster](https://github.com/sphinx-doc/alabaster) from 0.7.15 to 0.7.16.
- [Release notes](https://github.com/sphinx-doc/alabaster/releases)
- [Changelog](https://github.com/sphinx-doc/alabaster/blob/master/docs/changelog.rst)
- [Commits](sphinx-doc/alabaster@0.7.15...0.7.16)

---
updated-dependencies:
- dependency-name: alabaster
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump beautifulsoup4 from 4.12.2 to 4.12.3

Bumps [beautifulsoup4](https://www.crummy.com/software/BeautifulSoup/bs4/) from 4.12.2 to 4.12.3.

---
updated-dependencies:
- dependency-name: beautifulsoup4
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump ddtrace from 2.4.0 to 2.4.1

Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v2.4.0...v2.4.1)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump datadog from 0.47.0 to 0.48.0

Bumps [datadog](https://github.com/DataDog/datadogpy) from 0.47.0 to 0.48.0.
- [Release notes](https://github.com/DataDog/datadogpy/releases)
- [Changelog](https://github.com/DataDog/datadogpy/blob/master/CHANGELOG.md)
- [Commits](DataDog/datadogpy@v0.47.0...v0.48.0)

---
updated-dependencies:
- dependency-name: datadog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(deps): bump cbor2 from 5.5.1 to 5.6.0

Bumps [cbor2](https://github.com/agronholm/cbor2) from 5.5.1 to 5.6.0.
- [Release notes](https://github.com/agronholm/cbor2/releases)
- [Changelog](https://github.com/agronholm/cbor2/blob/master/docs/versionhistory.rst)
- [Commits](agronholm/cbor2@5.5.1...5.6.0)

---
updated-dependencies:
- dependency-name: cbor2
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: pypi-combine-prs[bot] <144945619+pypi-combine-prs[bot]@users.noreply.github.com>
Co-authored-by: Mike Fiedler <miketheman@gmail.com>
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
Bumps [ddtrace](https://github.com/DataDog/dd-trace-py) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/DataDog/dd-trace-py/releases)
- [Changelog](https://github.com/DataDog/dd-trace-py/blob/main/CHANGELOG.md)
- [Commits](DataDog/dd-trace-py@v2.5.0...v2.5.1)

---
updated-dependencies:
- dependency-name: ddtrace
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* remove vault container

The vault container was a previous TUF implementation
(TUF initialization #7488)

The new integration with RSTUF does not require this container.

Signed-off-by: Kairo de Araujo <kairo@dearaujo.nl>

* PEP 458: Add RSTUF services in the Warehouse Infra

This commit adds the RSTUF services to the Warehouse infrastructure
for development and sets the minimum required to start RSTUF services.

It adds the RSTUF API, which is used later to integrate into Warehouse
and RSTUF Worker, which is responsible for computing the TUF metadata.

RSTUF requires Postgres and Redis.
Postgres stores the rstuf database used for TUF metadata computing.
Redis stores the task message queue between RSTUF API and Worker, task
backend result, and live settings between RSTUF services.

RSTUF shares the same Postgres and Redis in the development environment
but has a specific setup to use its own Postgres database and Redis
database ID.

PostgreSQL URI
`RSTUF_SQL_SERVER=postgresql://postgres@db:5432/rstuf`

Redis DB Broker and Result is id 1
`RSTUF_BROKER_SERVER=redis://redis/1`
`RSTUF_REDIS_SERVER_DB_RESULT=1`

Redis DB for TUF repository settings is 2
`RSTUF_REDIS_SERVER_DB_REPO_SETTINGS=2`

This commit also includes TUF database creation in the Makefile
during the `make initdb`.

Signed-off-by: Kairo de Araujo <kairo@dearaujo.nl>

* remove rstuf-worker unnecessary settings

Remove settings from rstuf-worker in docker-compose.yml

Signed-off-by: Kairo de Araujo <kairo@dearaujo.nl>

* remove vault volume from docker-compose

---------

Signed-off-by: Kairo de Araujo <kairo@dearaujo.nl>
Co-authored-by: Ee Durbin <ewdurbin@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: pypi-combine-prs[bot] <144945619+pypi-combine-prs[bot]@users.noreply.github.com>
Co-authored-by: Mike Fiedler <miketheman@gmail.com>
di and others added 30 commits May 1, 2024 11:27
Co-authored-by: Der Marschall <meinkontobasic@outlook.com>
Co-authored-by: Edgar R. M <edgarrm358@gmail.com>
Co-authored-by: Junwon Lee <cpprhtn@naver.com>
Co-authored-by: Manoj Kumar Bavakad <manojnambyar@gmail.com>
Co-authored-by: Pongsathorn Sraouthai <pongsathorns@gmail.com>
Co-authored-by: Rafael Fontenelle <rafaelff@gnome.org>
Co-authored-by: Stanis Trendelenburg <stanis.trendelenburg@gmail.com>
Co-authored-by: Vesela Trajkoska <veselatrajkoska2@gmail.com>
Co-authored-by: gfbdrgng <hnaofegnp@hldrive.com>
Co-authored-by: letruxux <mrgianfranco483@gmail.com>
Co-authored-by: 大王叫我来巡山 <hamburger2048@users.noreply.hosted.weblate.org>

Change the "workflow file path" field in the UI and in the docs to
"top-level pipeline file path". This is the correct term, since
GitLab OIDC claims only provide the top-level pipeline (usually
`.gitlab-ci.yml`), rather than individual jobs/workflows.

Also change the security model doc, to clarify that PyPI cannot
tell the difference between different .yml files that are included
in `.gitlab-ci.yml`, since it's the latter that is reported in
the claims.

* Use grouped version updates for dependabot

* Remove actions/combine-prs and its comments

* Fix putting rest of package together
Co-authored-by: Mike Fiedler <miketheman@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: pypi-combine-prs[bot] <144945619+pypi-combine-prs[bot]@users.noreply.github.com>